DNS enumeration tool. DNSRecon is a Python port of a Ruby script that I wrote to learn the language and about DNS in early 2007. This time I wanted to learn about Python and extend the functionality of the original tool and in the process re-learn how DNS works and how could it be used in the process of a security assessment and network troubleshooting.
# To scan a domain and save the results to a SQLite database:
dnsrecon --domain <example.com> --db <path/to/database.sqlite>
# To scan a domain, specifying the nameserver and performing a zone transfer:
dnsrecon --domain <example.com> --name_server <nameserver.example.com> --type axfr
# To scan a domain, using a dictionary of subdomains and hostnames for bruteforcing:
dnsrecon --domain <example.com> --dictionary <path/to/dictionary.txt> --type brt
# To scan a domain, performing a reverse lookup of IP ranges from the SPF record and saving the results to a JSON file:
dnsrecon --domain <example.com> -s --json
# To scan a domain, performing a Google enumeration and saving the results to a CSV file:
dnsrecon --domain <example.com> -g --csv
# To scan a domain, performing DNS cache snooping:
dnsrecon --domain <example.com> --type snoop --name_server <nameserver.example.com> --dictionary <path/to/dictionary.txt>
# To scan a domain, performing zone walking:
dnsrecon --domain <example.com> --type zonewalk